Univention Bugzilla – Bug 37240
squid3: Denial of service (ES 3.1)
Last modified: 2015-09-03 12:58:31 CEST
Denial of service through malformed Range: headers (CVE-2014-3609) http://www.squid-cache.org/Advisories/SQUID-2014_2.txt
3.1.6-1.2+squeeze5 has been imported and built. I've copied the enable ssl patch: r15201. 3.1.6-1.2+squeeze5 also fixes this issue: CVE-2015-5400: Do not blindly forward cache peer CONNECT responses. The version number should be between UCS 3.1 and UCS 3.2. Since in UCS 3.0/3.1 is 3.1.6-1.2+squeeze2, it also fixes CVE-2012-5643 and CVE-2013-0189.
Created attachment 7146 [details] 3.1-squid3.txt
Patch: OK Changelog: OK Advisory: OK Tests (i386, amd64): OK
Published